Hello guys I've been trying to clean my pc these last days, without no success, so I'd need some help.
Here are my sythoms:
-Explorer (and Firefox when using it) windows pop up randomly with url www.ad-w-a-r-e.com (after that the url is redirected to other ads pages).
-Some flash ads from time to time.
I've used these programs: -Ad-ware SE -BPS Spyware & Adware Remover -Spy Sweeper (this one prevents the windows to pop up, but the spyware still is there) -Ewido anti-malware 3.5 (This one detects Look2me malware, but after cleaning, the problem persists).
My Hijackthis log:
Logfile of HijackThis v1.99.1 Scan saved at 09:28:21 p.m., on 25/02/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\rundll32.exe C:\ARCHIV~1\ARCHIV~1\Stardock\SDMCP.exe C:\WINDOWS\Explorer.EXE C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe C:\Archivos de programa\Diskeeper Corporation\Diskeeper\DkService.exe C:\Archivos de programa\ewido anti-malware\ewidoctrl.exe C:\Archivos de programa\ewido anti-malware\ewidoguard.exe C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Archivos de programa\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\Archivos de programa\Stardock\ObjectDock\ObjectDock.exe C:\WINDOWS\system32\wscntfy.exe C:\Archivos de programa\Webroot\Spy Sweeper\WRSSSDK.exe C:\Archivos de programa\Mozilla Firefox\firefox.exe C:\Archivos de programa\Foxmail\Foxmail.exe C:\Archivos de programa\Webroot\Spy Sweeper\SpySweeper.exe C:\archivos de programa\microsoft office\office11\winword.exe C:\Archivos de programa\TextPad 4\TextPad.exe C:\Documents and Settings\Admin\Escritorio\HijackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos R3 - Default URLSearchHook is missing O3 - Toolbar: @msdxmLC.dll,-1@3082,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx O4 - HKLM\..\Run: [AVG7_CC] C:\ARCHIV~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [DU Meter] C:\Archivos de programa\DU Meter\DUMeter.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [SpySweeper] "C:\Archivos de programa\Webroot\Spy Sweeper\SpySweeper.exe" /startintray O4 - Startup: Stardock ObjectDock.lnk = C:\Archivos de programa\Stardock\ObjectDock\ObjectDock.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Archivos de programa\Archivos comunes\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL O20 - Winlogon Notify: MCPClient - C:\ARCHIV~1\ARCHIV~1\Stardock\mcpstub.dll O20 - Winlogon Notify: SideBySide - C:\WINDOWS\system32\en6ul1j91.dll O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\ARCHIV~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Archivos de programa\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: ewido security suite control - ewido networks - C:\Archivos de programa\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Archivos de programa\ewido anti-malware\ewidoguard.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Archivos de programa\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Archivos de programa\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Archivos de programa\TuneUp Utilities 2006\WinStylerThemeSvc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
After several sessions of cleaning, I've eliminated other spyware I was even unware (before this problem, I only used Ad-ware SE) and other sythoms have dissapeared, but not the pop upped windows).
As an additional tip, Windows Restore utility is disabled.
Hope you guys can give me a hand and solve this problem, which is really starting to !!!! me off.
Other thing that shows up: A error message when windows is starting up, it involucrates the file: "C:\Windows\System32\mldadiag.dll"DllGetVersion though sometimes it changes the file.
Does anyone know what malware I'm dealing with? The spyware remover all show different results and I'm unsure.
Currently it is Saturday, February 04, 2012 6:11 AM (GMT +1) There are a total of 82.631 posts in 18.627 threads. In the last 3 days there were 3 new threads and 16 reply posts. View Active Threads
Who's Online
This forum has 33712 registered members. Please welcome our newest member, marabu. 26 Guest(s), 0 Registered Member(s) are currently online. Details
|
Forum Help Manual
